Security Affairs
DECEMBER 21, 2020
While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor.
Threatpost
DECEMBER 21, 2020
Investigation reveals device sector is problem plagued when it comes to security bugs.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
DECEMBER 19, 2020
Alert Follows Week's Worth of Revelations About SolarWinds Breach The NSA has issued a warning about two hacking techniques that could allow threat actors to access cloud resources by bypassing authentication mechanisms. The alert follows a week's worth of revelations over the SolarWinds breach that has affected government agencies and other organizations.
WIRED Threat Level
DECEMBER 19, 2020
All the most important stories about the biggest hack in years.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
AIIM
DECEMBER 22, 2020
It’s hard to talk about change without quoting Charles Darwin. I think he said it best when he said: “It is not the strongest or the most intelligent who will survive, but those who can best manage change.”. Change is a necessary part of life and therefore a necessary part of life in business. Managing change isn’t resisting change. It’s working with it.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
DECEMBER 21, 2020
Suspected Cyber Espionage Prioritized Biggest Targets, Says FireEye CEO Kevin Mandia Hackers who infiltrated government and business networks via a stealthy backdoor added to SolarWinds' Orion software appear to have focused on only the most high-value of targets, leading to about 50 organizations being "genuinely impacted," says FireEye CEO Kevin Mandia.
Schneier on Security
DECEMBER 24, 2020
Interesting analysis of China’s efforts to identify US spies: By about 2010, two former CIA officials recalled, the Chinese security services had instituted a sophisticated travel intelligence program, developing databases that tracked flights and passenger lists for espionage purposes. “We looked at it very carefully,” said the former senior CIA official.
Threatpost
DECEMBER 23, 2020
Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info.
Security Affairs
DECEMBER 19, 2020
NATO announced it is assessing its systems after the SolarWinds supply chain attack that impacted multiple US government agencies. NATO announced it is checking its systems after the SolarWinds supply chain attack to determine if they were infected with a backdoor. “At this time, no evidence of compromise has been found on any NATO networks. Our experts continue to assess the situation, with a view to identifying and mitigating any potential risks to our networks,” a NATO official to
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Data Breach Today
DECEMBER 24, 2020
'All Network Assets' Monitored by Backdoored Orion Software May Need Rebuilding Federal, state and local governments are among the many victims of the supply chain attack that backdoored the SolarWinds' Orion network-monitoring software, and victims "may need to rebuild all network assets" being monitored by the software, the U.S. Cybersecurity and Infrastructure Security Agency warns.
Schneier on Security
DECEMBER 22, 2020
The microphones on voice assistants are very sensitive, and can snoop on all sorts of data : In Hey Alexa what did I just type? we show that when sitting up to half a meter away, a voice assistant can still hear the taps you make on your phone, even in presence of noise. Modern voice assistants have two to seven microphones, so they can do directional localisation, just as human ears do, but with greater sensitivity.
Dark Reading
DECEMBER 21, 2020
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
Security Affairs
DECEMBER 19, 2020
Joker’s Stash, the largest carding marketplace online, was shut down by a coordinated operation conducted by the FBI and the Interpol. Joker’s Stash, the largest carding marketplace online, was shut down as a result of a coordinated operation conducted by the FBI and the Interpol. The Joker’s Stash carding platform has been active since October 7, 2014, it focuses on the sale of stolen payment card details.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Data Breach Today
DECEMBER 24, 2020
Kaspersky: North Korean APT Group Used Malware in Attempt to Steal Information The Lazarus Group, a North Korean advanced persistent threat gang, apparently recently targeted a national ministry of health and a drug manufacturer involved in developing a COVID-19 vaccine in an attempt to steal information, according to the security firm Kaspersky.
Schneier on Security
DECEMBER 23, 2020
Bellingcat has investigated the near-fatal poisoning of Alexey Navalny by the Russian GRU back in August. The details display some impressive traffic analysis. Navalny got a confession out of one of the poisoners, displaying some masterful social engineering. Lots of interesting opsec details in all of this.
Thales Cloud Protection & Licensing
DECEMBER 22, 2020
Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing. sparsh. Tue, 12/22/2020 - 10:08. New EU restrictions could force companies to change data transfer practices and adopt more advanced data encryption methods. Traditionally, privacy has taken the form of a policy document created, housed, and referenced by the offices of general counsel and compliance at most organizations.
Security Affairs
DECEMBER 19, 2020
The US National Security Agency (NSA) warns of two techniques abused by threat actors for escalating attacks from local networks to cloud infrastructure. The US National Security Agency has published a security advisory that describes two techniques abused in recent attacks against cloud infrastructure. The attack techniques are abused by hackers are using to escalate access from compromised local networks into cloud-based infrastructure.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Data Breach Today
DECEMBER 21, 2020
Prosecutors: Websites Spoofed Pharmaceutical Firms for ID Theft Federal investigators have seized two domains impersonating the pharmaceutical firms Moderna, which has begun shipping a COVID-19 vaccine, and Regeneron, which developed a treatment, according to the U.S. Justice Department. Fraudsters were using the websites for identity theft.
Schneier on Security
DECEMBER 21, 2020
Cellebrite announced that it can break Signal. (Note that the company has heavily edited its blog post, but the original — with lots of technical details — was saved by the Wayback Machine.). News article. Slashdot post. The whole story is puzzling. Cellebrite’s details will make it easier for the Signal developers to patch the vulnerability.
Troy Hunt
DECEMBER 19, 2020
I'm live again! Well, I was live having found enough connectivity in Port Douglas to go back to streaming. I'll still be here next week too and will plan on doing a Christmas morning stream from the same location. I talk a bunch about the trip and what I'm seeing in Aus in the latter part of this video, it's a truly amazing place I'm only just getting to really see extensively now.
Security Affairs
DECEMBER 21, 2020
Tens of Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. Researchers from Citizen Lab reported that at least 36 Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. The attackers used an exploit chain named Kismet that was part of the arsenal of the controversial Pegasus spyware that is sold by the surveillance firm NSO Gr
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Data Breach Today
DECEMBER 24, 2020
Attackers Target Online Shoppers in the US and Europe Cybercriminals are targeting online shoppers in the U.S. and Western Europe with fake Amazon gift cards that deliver the Dridex banking Trojan, the security firm Cybereason reports.
Threatpost
DECEMBER 24, 2020
The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
WIRED Threat Level
DECEMBER 20, 2020
The crooks used emulators to mimic the phones of more than 16,000 customers whose mobile bank accounts had been compromised.
Security Affairs
DECEMBER 25, 2020
Russian cryptocurrency exchange Livecoin was compromised on Christmas Eve, hackers breached its network and gained control of some of its servers. The Russian cryptocurrency exchange was hacked on Christmas Eve, it published a message on its website warning customers to stop using its services. “Dear clients, we ask you to stop using our service in all meanings: don’t deposit funds, don’t trade, don’t use API.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Data Breach Today
DECEMBER 19, 2020
Alert Follows Week's Worth of Revelations Over SolarWinds Breach The NSA has issued a warning about two hacking techniques that could allow threat actors to access cloud resources by bypassing authentication mechanisms. The alert follows a week's worth of revelations over the SolarWinds breach that has affected government agencies and other organizations.
eSecurity Planet
DECEMBER 23, 2020
The COVID-19 pandemic of 2020 has forced enterprises of all sizes and industries to adopt new work approaches that keep employees safe at home while ensuring productivity and security. Not only have videoconferencing applications such as Zoom, Skype, and Cisco Webex gone through the roof in usage, but new and more sophisticated networking and security products are also in high demand.
Adam Levin
DECEMBER 23, 2020
Law enforcement agencies from the United States and Europe seized domain names and servers belonging to a virtual private network (VPN) provider long linked to online cybercrime. In a press release issued December 22, U.S. Attorney Matthew Schneider announced the action, called “Operation Nova,” which disrupted the activities of a so-called “bulletproof hosting service” in coordination with Europol and law enforcement agencies from Germany, France, Switzerland, and the Netherlands.
Expert insights. Personalized for you.
145 
Let's personalize your content